What is the best rom for a Pixel phone? I can't decide between Lineage, Copperhead, and Graphene... #security #android #roms #digitalsecurity #privacy #pixel #google #privacyrights
@ben_dw GrapheneOS 100% if you're looking for security and privacy. You can't root it or install an app store (well you can install F-Droid but you can't give it system-level access to auto-update) but IMO those are good things, just a bit less convenient.
If you're only looking to escape Google and actual security is less of a concern for you Lineage is probably fine, and a lot more customizable, if you're into Android mods.
@jonah
Fair! Should I be concerned that the Pixel 1 won't get security updated after October 2019!
/e/
@ben_dw @jonah You only need to be concerned about that if you stick with the stock Android. LineagesOS based ROMs will certainly get updates far beyond the Google cut-off date, as long as there is an active maintainer. Check out the /e/ ROM from e.foundation, I have found they provide updates to their LineageOS based ROM even after official LineageOS maintainers loose interest and stop updates.
@supernova @ben_dw this is actually mostly untrue and it’s one of the most annoying things about Lineage IMO. Lineage will port in AOSP security patches, but most security patches for devices are actually device-specific (like firmware patches) and Lineage in general makes 0 effort to include them. So the security patch level reported is misleading because it either isn’t what you’d expect, or on some occasions manually set higher when there haven’t been ANY security patches at all.
@emacsomancer have a screenshot? Haven't used Lineage in a while but IIRC at the time they just used whichever was higher which seemed very unethical. So if they show both that's definitely a huge improvement.
But regardless, I'd be willing to bet the vendor security patches are far behind. The main reason Graphene is more secure is because it forces you to use a Pixel, which is objectively more secure hardware.
@emacsomancer right. I'm speaking from a *purely* security focused standpoint, where it is essentially unacceptable to use old hardware. There's certainly other reasons people might prefer something like an S5 and Lineage over a Pixel and Graphene.
I'm a little dubious of 'unacceptable to use old hardware' from a security standpoint - do you mean only for mobile phones?
For laptops, it seems to me that it's more or less unacceptable to use *newer* hardware from a security point of view.
@emacsomancer it's probably significantly more relevant to mobile devices.
I would probably consider any device no longer receiving security updates to be "old hardware" in this context.
So if the Titan M stopped receiving firmware updates in 5 years, but the 2024 Pixel phone was receiving up-to-date security patches, then yes the Titan M would be old hardware.
For mobile, I think my LineageOS setup is reasonably secure, despite lack of vendor security updates. I'd rather not have to keep uselessly buying new hardware.
For mobile esp., it's all really harm reduction: mobile is inherently insecure/non-private, with baseband black boxes &c.
@emacsomancer right, like I said there's certainly valid reasons to use Lineage.
I would probably disagree with that last part though. Mobile devices are arguably the most secure devices people own (strong sandboxing, malware protection, hardware security, etc). Which is why it's such a shame most Android OEMs completely disregard it.
@jonah Sandboxing, malware protection etc. are fairly pointless when there’s so many non-free, non-inspectable components, and a blackbox baseband.
@emacsomancer maybe ideologically, but in practice an iPhone XS is going to be more secure compared to a Galaxy S5 or even a standard Linux laptop against both malware attacks and targeted/local attacks, and that’s what’s going to provide the most immediate benefit to consumers, both individual and in enterprise environments.
@jonah I’m dubious about this in practice. But we may have different use-cases/concerns/priorities.
My bottom-line: Closed-source devices are never trust-worthy, though the company/yourself may try to convince you otherwise. This rules out Apple.
@supernova @ben_dw
In fact, most (all?) of the time they don’t even include them with ROMs with devices still receiving device security patches. IIRC even on Pixel devices the security patch level doesn’t include device-specific patches even though Google releases them for free.